404 logout with SpringMVC and SpringSecurity
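I'm learning Spring Security (Java-based configuration), but I can't get logout to work properly. When I click logout, I see the URL change to http://localhost:8080/logout and get "HTTP 404 - /logout". The login functionality works fine (even with a custom login form), but logout is the problem. I suspect the redirected URL "localhost:8080/logout" should be something like "localhost:8080/springtest/logout".
I'm following a combination of a book and these examples: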
http://docs.spring.io/spring-security/site/docs/3.2.x/guides/hellomvc.html
I'm using:
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-core</artifactId>
    <version>4.1.4.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>4.0.2.RELEASE</version>
    <scope>compile</scope>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-core</artifactId>
    <version>4.0.2.RELEASE</version>
    <scope>compile</scope>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>4.0.2.RELEASE</version>
    <scope>compile</scope>
</dependency>
This is the MVC initializer:
public class MvcInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class[] { RootApplicationContextConfig.class };
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return new Class[] { WebApplicationContextConfig.class };
    }

    @Override
    protected String[] getServletMappings() {
        return new String[] { "/" };
    }

    @Override
    protected Filter[] getServletFilters() {
        return new Filter[] { new HiddenHttpMethodFilter() };
    }
}
This is the security initializer:
public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {
}
This is the web config:
@Configuration
@EnableWebMvc
@EnableTransactionManagement
@ComponentScan(basePackages = { "org.munilvc.springtest" })
public class WebApplicationContextConfig extends WebMvcConfigurerAdapter {

    @Bean(name = "viewResolver")
    public InternalResourceViewResolver getViewResolver() {
        InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
        viewResolver.setPrefix("/WEB-INF/views/");
        viewResolver.setSuffix(".jsp");
        return viewResolver;
    }

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/login").setViewName("login");
        registry.setOrder(Ordered.HIGHEST_PRECEDENCE);
    }

    // Serve static content like <mvc:resources/> tags
    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/resources/**")
                .addResourceLocations("/resources/magic/")
                .setCachePeriod(31556926);
    }
}
This is the security config:
@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
    }
}
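There is also a home controller. I'm not sure this is the best approach, but I want localhost:8080/springtest to redirect to home, and Spring Security should intercept it with the login page. This works for me now, but I'd like to know whether it is the right way to do it?
@Controller
public class HomeController {

    @RequestMapping("/")
    public String showLoginForm(Model model) {
        return "home";
    }
}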
Finally, this is the logout on my home page:
<p class="navbar-text navbar-right">
    Signed in as <a href="#" class="navbar-link">${pageContext.request.remoteUser}</a>
</p>
<form class="navbar-form pull-right" action="/logout" method="post">
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
    <input type="submit" value="Log out" />
</form>
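Is it necessary to add an explicit request mapping for logout? I have checked the sample application hellomvc-jc from the Spring docs, but I didn't see any explicit request mapping, so I believe Spring Security 4 already takes care of this, doesn't it?
Thanks a lot! I really appreciate your time, and I hope this helps others.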
Use action="logout"
instead of action="/logout"
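
A context-path-aware variant of the logout form, added here as an example (it is not code from the question or the answer). It assumes the JSTL core taglib is available to the application and that the app is deployed under a context path such as /springtest, as in the question; the form action then resolves correctly whichever page renders it.

```jsp
<%-- Added example, not from the original post. Assumption: JSTL core is on the classpath. --%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<%-- c:url prepends the context path to a value starting with "/",
     so "/logout" becomes "/springtest/logout" for the deployment in the question. --%>
<c:url var="logoutUrl" value="/logout" />

<p class="navbar-text navbar-right">
    <%-- c:out HTML-escapes the user name before it is written into the page --%>
    Signed in as <a href="#" class="navbar-link"><c:out value="${pageContext.request.remoteUser}" /></a>
</p>

<%-- With the Java configuration, CSRF protection is on by default, so logout
     has to be a POST that carries the CSRF token; a plain GET link is not accepted. --%>
<form class="navbar-form pull-right" action="${logoutUrl}" method="post">
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
    <input type="submit" value="Log out" />
</form>
```

The same action can be written without JSTL as `${pageContext.request.contextPath}/logout`.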